
© 2021 CyberNews - Latest tech news, product reviews, and analyses.


With the Maze cartel gone, ransomware remains a painful issue for organizations

by Jurgita Lapienytė
10 November 2020
in Security

With the Maze cartel gone, ransomware remains a painful issue for organizations. (c) Shutterstock


The Maze ransomware cartel may have retired, but the ransomware problem is not going anywhere. The early retirement of the Maze operators didn’t surprise ransomware researchers. “There is a possibility that it’s not a shutdown but a rebranding,” Fedor Sinitsyn, senior malware analyst at Kaspersky, told CyberNews.

Maze ransomware, which began operating last May, was probably the most prominent malware group that threatened businesses and large organizations.

This April, Cognizant was attacked by Maze ransomware. The company revealed that the cost of the attack could be up to $70 million. 

“We do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter,” Cognizant CFO Karen McLoughlin said in the earnings call.

In August, Canon suffered a ransomware attack for which Maze claimed responsibility. The operators of Maze ransomware have also published tens of GB of internal data from the networks of LG and Xerox following two failed extortion attempts, ZDNet reported.

“What also makes Maze stand out, is the fact that it was probably the first group to create a data leak blog,” researchers at Kaspersky told CyberNews.

Last week, it was reported that the Maze cartel decided to retire early at the top of their game. This is not unprecedented. Last June, the GandCrab ransomware group retired after claiming to have earned $2 billion. That only illustrates that ransomware doesn’t cease to exist when a group retires. Quite the opposite: cybercriminals innovate and find new ways to attack.

Maze affiliates have moved on

The Maze ransomware cartel is credited with revolutionizing the ransomware industry by using a double extortion tactic, where, if a company didn’t pay the ransom, Maze would release the data stolen from it online.

This has been adopted by other ransomware groups like REvil, Clop, and DoppelPaymer. Affiliates that worked with the Maze cartel are moving or have moved over to Egregor, BleepingComputer has learned.

The early retirement didn’t surprise cybersecurity researchers and experts at all.

“We don’t see anything surprising here. It is a typical tactic of ransomware developers to close down their project after gaining enough profit,” Fedor Sinitsyn, senior malware analyst at Kaspersky, told CyberNews.

Experts have seen this happening with GandCrab, Shade ransomware, and others.

“In case closed-down ransomware is used to operate as ransomware-as-a-service (RaaS), the affiliates typically find another malware developer to collaborate with and continue their malicious activities with another trojan. Additionally, based on the code similarity between Maze and Egregor, there is a possibility that it’s not a shutdown but a rebranding,” Fedor Sinitsyn said.

Welcome to another episode of This Week in CyberNews. This week, we’re discussing the Maze #ransomware cartel retiring early, REvil buying #malware, Mattel attacked, Folksam’s data leak and Chrome’s active zero-days. https://t.co/PAXhRe2WOc

— CyberNews (@CyberNews_com) November 5, 2020

What was so special about Maze ransomware?

This summer, there were reports that ransomware gangs had joined forces. The joint efforts of the criminals certainly tend to make them more dangerous.

“As an example, researchers discovered that these ransomware groups had exchanged expertise on security solution evasion. In these circumstances, the cooperation between security vendors and law enforcement is vital to combat the criminals more effectively,” the senior malware analyst at Kaspersky told CyberNews.

CyberNews asked Fedor Sinitsyn to elaborate on what made Maze so special among other ransomware gangs.

He explained that Maze typically targeted large organizations and that its victims came from different industries, including IT, telecommunications, construction, energy, healthcare, finance, and others.

“The malware itself is heavily obfuscated, more so than most other ransomware families. This makes the analysis more challenging and time-consuming. What also makes Maze stand out, is the fact that it was probably the first group to create a data leak blog. It is a website where they list their victims and publish the data stolen from those of them who refused to pay the ransom,” he explained.

Maze, a notorious ransomware group, says it’s shutting down pic.twitter.com/IkfSoqqKly

— Akiles Ilmaten (@AkilesIlmaten) November 3, 2020

Based on the website run by the Maze operators, more than 100 organizations have been affected by this malware family since the first time it appeared back in 2019. The Maze gang was using Bitcoin to receive ransom payments.

Fedor Sinitsyn and his colleagues never recommend paying the ransom.

“Paying would only make the extortionists stronger and encourage the growth of the ransomware threat worldwide,” he told CyberNews.

It’s up to the companies themselves whether to pay the ransom. Sometimes, businesses assume that the possible damage might be bigger than the ransom, and decide to pay. Recently, Reuters reported that US travel giant CWT paid $4.5 million to cybercriminals.

Either way, with or without the Maze gang, ransomware is not going anywhere. Senior researchers at CyberNews are convinced that ransomware (and ransomware groups in particular) is one of the most important, top-trending cybersecurity topics in 2020 and beyond.

Data-exfiltrating #ransomware gangs peddle false promises: Extortionists are failing to delete stolen data, even when victims pay them specifically to do so, investigators warn https://t.co/ZCrYF6jUFQ @euroinfosec reports.

POV: @coveware @Intel_by_KELA @McAfee_Labs pic.twitter.com/XNAqEdGrIk

— DataBreachToday (@DataBreachToday) November 6, 2020

The ransomware ‘industry’ is booming

As the ransomware ‘market’ has grown, it has become both more commercial and more professional, with new entrants to the market adopting much of the language and many of the practices of the latest startups, CyberNews contributor Adi Gaskell writes.

Recently, Barbie maker Mattel reported that it was the victim of a ransomware attack on its information systems. There has been no material impact on Mattel’s operations or financial condition as a result of the incident, the company said in a quarterly report.

In September, a woman died in Duesseldorf University Hospital during a ransomware attack. She might be the first victim linked to a cyberattack on a hospital. A few weeks later, two dozen hospitals were hit by ransomware in the US.

These examples illustrate the huge increase in the number of ransomware attacks observed by cybersecurity experts globally. In Q3 2020, Check Point Research saw a 50% increase in the daily average of ransomware attacks, compared to the first half of the year. The top ransomware types were Maze and Ryuk.

According to Check Point Research, the top 5 countries affected by ransomware in Q3 in terms of the number of attacks are the US (98.1% increase), India (39.2%), Sri Lanka (436%), Russia (57.9%), and Turkey (32.5%).
